Users and Roles - User Management

• Resources. A resource is a logical group of one or more ITBA application data items (for example application data or components or budgets). Once you define resources, you attach the resource to a permission.
• Roles and Permissions. Each role is a set of permissions. Permissions define which actions the user can perform and on which resources. For example, you can create a role that enables its users to create Dashboard pages.

• Users and Groups. Each user has a list of roles that define their permissions. When you assign a role, that user only has access to specific portions of the program and specific resources that are relevant to their role. You can also define groups of users with the same roles or access rights. When you attach a user or group to a group, the user or group inherits all of the group’s roles.

  Typical users are:

  Term	Description
  Viewer Users	Users that have limited permissions and in most cases can only view content in the Dashboard and Explorer without any option to modify it. They will not have access to the Studio, and ADMIN tabs. In some cases we refer to them as Viewer users
  Advanced Users	All users that are not Viewer users (including users under the Administrator group, Scorecard Administrator Group and users that are not under any group).
  Scorecard Administrator	Type of Advanced user with permissions to create Scorecards and Dashboard pages
  Super-Admin	Super user, a subset of the Advanced User – normally this user deals with the installation, foundation and permission issues. This user is the Admin user that was created during installation.

Users can be managed using either of the following, but not both:

• Enterprise Users: Users are created and managed in IT Business Analytics.
• LDAP Users: Users are created and managed on your LDAP server which is connected to IT Business Analytics. For details, see Users and Roles - LDAP Management.

The Administrator uses the Admin tab to define users that have roles, roles that contain a set of permissions that may contain resources. It is recommended to create resources and attach them to permissions first in the user management process. For details, see Users and Roles - Role Management.

• Working without LDAP. If you delete a user or a group in User Management, and the user or group is assigned a dimension:entity,the assignments are deleted. If as a result of the operation, the dimension:entity has no assigned user or group, is automatically assigned to the default Dimension Permission Group for the Unassigned Entities.
• Working with LDAP. If you delete a user or a group in LDAP, and the user or group is assigned a dimension:entity, the dimension:entity assignments are not removed (since the users and groups are managed in different databases). If as a result of the operation, the dimension:entity has no assigned user or group, it will not be automatically assigned to the default Dimension Permission Group for the Unassigned Entities, and the administrator must make sure to assign the permission manually in ITBA.

For details, see Users and Roles - Dimension Permissions.

1. Select ADMIN> Users and Roles > User Management.
2. In the Search Users tab, enter the search criteria.
3. Click Search. The relevant users are displayed.

When using LDAP for user management, you cannot add LDAP users in IT Business Analytics directly. You must first create them in the LDAP server and then populate them into IT Business Analytics manually.

1. Select Admin > Users and Roles > User Management.
2. In the Users & Groups tab, select the group under which you want to add a user and click Add User . The Add user dialog box opens.
3. Enter the relevant details.

1. Select ADMIN> Users and Roles > User Management.
2. In the Users & Groups tab, click Add group under the root .
3. Enter the Group Name and Group Description and click OK. The group is added under the root.

1. Select ADMIN> Users and Roles > User Management.
2. Select a user from the Users & Groups tab.
3. In the Roles and Permissions area, select a role to view the permissions and resources associated with the role.

1. Select ADMIN> Users and Roles > User Management.
2. Select a user or group from the Users & Groups tab.
3. In the Roles and Permissions area, click Assign role . The Assign Roles dialog box opens.
4. Select a role from the Available Roles list and use the arrows to move the role to the Selected Roles list.
5. Click OK to save your selections.

1. Select ADMIN> Users and Roles > User Management.

2. Select the user or the group from which you want to unassign a role.

3. In the Roles and Permissions area, select the role you want to delete and click Remove Role.

Users can be granted permissions to perform the following operations on user-defined pages: View page, Manage Page (change and delete specific page) and Administrate pages (add pages and full control on all pages in the system).

To create a new page in the Dashboard , contact your administrator. The administrator should:

1. Create the relevant page in IT Business Analytics.
2. Define the page Instance and Resource. For details, see Users and Roles - Resource Management.
3. Give you (the Business Analyst - Dashboard Designer) the needed permissions to update the page. For details, see Users and Roles - Role Management.
4. Give the relevant user (executive) the needed permissions to view the page. For details, see Users and Roles - Role Management.

Permissions to work with Dashboard components and pages are defined in Admin > Users and Roles > User Management.

The operations that can be defined for a user are dependent on the area within Dashboard, as follows:

• Predefined Pages. These pages are defined out-of-the-box. They have a pre-defined layout but entities are not selected. Users with the relevant permissions can select the relevant entities using the component filters. Depending on their permissions, users can change the component layout in the page and the selections in the component filters. Note that out-of-the-box pages cannot be deleted. More information about the permissions is available in Users and Roles - Role Management.
• User Pages and User Components. Users can be granted permissions to perform the following operations on user-defined pages and components: View page, Manage Page (change and delete specific page) and Administrate pages ( add pages and full control on all pages in the system).

Click to refresh the page.

• Users & Groups Tab

  User interface elements are described below (when relevant, unlabeled elements are shown in angle brackets):

  UI Element	Description
  Users and Groups tree	A tree containing all of the existing groups and users attached to those groups. To find users that are not attached to a specific group, but are under the group Everyone, use the Search Users tab. For details, see Search Users Tab. When a user is added to LDAP, it is displayed in the Users and Groups tree after you log on to IT Business Analytics.
  	Create User. Adds a new user under the selected group. The user inherits the group’s roles. Enter the user's Login Name, Display Name, Email, and New Password and click OK. When using LDAP for user management, you cannot add LDAP users in IT Business Analytics directly. You must first create them in the LDAP server and then populate them into IT Business Analytics manually.
  	Create group. Creates a new group under a selected existing group. The group inherits the existing group’s hierarchy. Enter the Group Name and Group Description and click OK. Available Groups Administrators.Users who can administer the system. Scorecard Administrators. Users who can manage specific Scorecards and Pages according to the assigned roles and permissions. Casual Viewer. Users with a very limited set of permissions. Everyone. All users of the system. Note The following groups are the default groups available in SAP BusinessObjects Enterprise and exported to the ADMIN tab. They are not applicable to the ITBA application. QaaWS Group Designer Report Conversion Group Users Test Root Translators Universe Design Users
  	Add group under the root. Creates a new group under the root. Enter the Group Name and Group Description and click OK.
  	Attach to group. Attaches the selected user or group to a group. The users or groups inherit all of the group’s roles. Select the group and click OK.
  	Detach from group. Detaches the selected user or group from a group. When you detach a user/group from a group, they no longer have the roles that they inherited from the group. When you detach a group from a group, it moves to the "root" of the groups and users tree.
  	Delete. Deletes the selected user or group. When a group is deleted, its users still exist under a system group called Everyone.
  	Refresh. Refreshes the displayed information.

• Search Users Tab

  User interface elements are described below (when relevant, unlabeled elements are shown in angle brackets):

  UI Element	Description
  Search Users	The search criteria. To search for users, enter some or all of the user details: Login Name, Display Name, Email.
  Search	Search. Click to search for users that match the criteria entered in the Search Users tab.
  User Name	A list of all users that match the search criteria.

• User Details Pane

  Select a user and click User Details.

  User interface elements are described below (when relevant, unlabeled elements are shown in angle brackets):

  UI Element	Description
  Login Name/ Group Name	The name of the selected user or group.
  Display Name/ Group Description	The description of the selected user or group.
  Email	The email of the selected user.
  Edit Details	Edits the selected user or group details.
  Edit Password	Enables you to change a user password.
  Roles and Permissions	The assigned roles and corresponding permissions and resources for the selected user or group.
  	Assign role. Opens the Assign Roles dialog box that enables you to assign a role to the selected user or group.
  	Remove role. Removes the selected role from the user or group.
  Role name	The role assigned to the selected user or group.
  Permission	List of permission names contained in the selected role.
  Resource	The resource attached to the permission of the selected role. N/A. Not Applicable. None of the available resources apply to this permission. <Resource Name>. The permission is attached to a specific resource. All. The permission is applicable to all resources. For details, see Users and Roles - Resource Management.

Select a role in Roles and Permissions, and click .

User interface elements are described below (when relevant, unlabeled elements are shown in angle brackets):

UI Element	Description
	Select a role from the Available Roles list and use the arrows to move the role to the Selected Roles list.
Available and Selected Roles	Each user or group can have one or more assigned roles.
Permission details	The read-only details about the permissions and corresponding resources for the selected role.
Resource	The list of resources for each permission: Not Applicable. Used for permissions that do not require a specific resource setting. <Resource Name>. The permission refers to a specific resource. All. The permission is applicable to all resources.